An Introduction to the ForumOS Command Line Interface (CLI)

Introduction

The goal of this article is to provide Sentry administrators with a quick introduction to the ForumOS Command Line Interface (known simply as the "CLI") and to provide a quick reference point for the most common CLI commands. The full CLI Reference Guide which lists all available CLI commands is attached.

The CLI is available with the Forum Sentry hardware appliances and the Forum Sentry virtual appliances. The CLI is not available with the Sentry software packages that run on Windows, Linux, or Solaris.

The Forum Sentry appliances (both hardware and virtual) run the ForumOS. This is a proprietary and hardened operating system which has been independently certified by FIPS 140-2 and NDPP.

There is no shell access, root access, or any other direct access to the underlying OS. Sentry administrators have access to the CLI and WebAdmin (browser interface) only.

The CLI will not typically be used in day to day operation, but rather for initial setup, network troubleshooting, and rare system changes such as setting the time manually or clearing a DNS cache.

The CLI is used for the initial setup of either the hardware or virtual appliance. There is no access to the WebAdmin interface until the CLI initialization has completed.

Accessing the CLI

There are two ways to access the CLI. How you access the CLI for the first time depends on the appliance type.

Hardware Appliance

The CLI is first accessed using the Serial Port on the device with Terminal Emulation software (see this KB article). The CLI can be accessed via SSH once the network settings are in place. When using SSH, use your WebAdmin credentials.

Virtual Appliance

With the virtual appliance, the CLI can be accessed via the VMware host product and then via SSH once the network settings are in place. When using SSH, use your WebAdmin credentials.

Helpful Hints and Tips

When typing commands in the CLI, type the Tab key for auto completion of the command

Type the question mark ( ? ) at any point to list the available commands

Type the Up Arrow to show the previous commands

With versions before 8.3, it is required to type the full command - for instance - instead of just "ping" type "network utils ping"

with version 8.3 and later some common network commands have shortcuts - for instance - you can just type "ping" for the "network utils ping" command

CLI Modes

There are two modes in the ForumOS CLI: Enable Mode and Command Mode.

Command Mode

The default mode upon access the CLI is Command Mode. With Command Mode, signified by the ForumOS> prompt, the administrator can't make any modifications. It is possible to capture information about the system and join enable mode.

Enable Mode

Enter Enable Mode by using the enable command and then enter the Enable Mode password. Enable mode is signified by the ForumOS# prompt. To exit Enable Mode type exit.

The following is a list of all commands available via Enable Mode:

Common CLI Uses and Commands

The most common use of the CLI is the initial appliance configuration. After the initial configuration, the CLI is mostly used for network troubleshooting, setting the system time manually, factory resetting, and bootstrap exports (backup the network settings).

Initial Hardware Configuration

Once in the CLI follow the initial configuration wizard to join or create a Security World (HSM model only), set the network settings, set an Enable mode password, and create an admin account.

Initial Virtual Appliance Configuration

The CLI is accessible through the VMWare product you are running the OVA file on. Once in the CLI follow the initial configuration wizard to set the network settings, set an Enable mode password, and create an admin account.